Abstract
The threat of cyber attacks motivates the need to monitor Internet traffic data for potentially abnormal behavior. Due to the enormous volumes of such data, statistical process monitoring tools, such as those used traditionally on data in the product manufacturing departments, are inadequate. The detection of “exotic” data, which may indicate a potential attack, requires a characterization of “typical” behavior. We propose some simple graphical tools that permit ready visual identification of unusual Internet traffic patterns in “streaming” data. These methods are illustrated on a moderate-sized data set (135,605 records) collected at George Mason University.
